Search Results

Search found 1364 results on 55 pages for 'jump'.

Page 22/55 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • Printf in assembler doesn't print

    - by Gaim
    Hi there, I have got a homework to hack program using buffer overflow ( with disassambling, program was written in C++, I haven't got the source code ). I have already managed it but I have a problem. I have to print some message on the screen, so I found out address of printf function, pushed address of "HACKED" and address of "%s" on the stack ( in this order ) and called that function. Called code passed well but nothing had been printed. I have tried to simulate the environment like in other place in the program but there has to be something wrong. Do you have any idea what I am doing wrong that I have no output, please? Thanks a lot EDIT: This program is running on Windows XP SP3 32b, written in C++, Intel asm there is the "hack" code CPU Disasm Address Hex dump Command Comments 0012F9A3 90 NOP ;hack begins 0012F9A4 90 NOP 0012F9A5 90 NOP 0012F9A6 89E5 MOV EBP,ESP 0012F9A8 83EC 7F SUB ESP,7F ;creating a place for working data 0012F9AB 83EC 7F SUB ESP,7F 0012F9AE 31C0 XOR EAX,EAX 0012F9B0 50 PUSH EAX 0012F9B1 50 PUSH EAX 0012F9B2 50 PUSH EAX 0012F9B3 89E8 MOV EAX,EBP 0012F9B5 83E8 09 SUB EAX,9 0012F9B8 BA 1406EDFF MOV EDX,FFED0614 ;address to jump, it is negative because there mustn't be 00 bytes 0012F9BD F7DA NOT EDX 0012F9BF FFE2 JMP EDX ;I have to jump because there are some values overwritten by the program 0012F9C1 90 NOP 0012F9C2 0090 00000000 ADD BYTE PTR DS:[EAX],DL 0012F9C8 90 NOP 0012F9C9 90 NOP 0012F9CA 90 NOP 0012F9CB 90 NOP 0012F9CC 6C INS BYTE PTR ES:[EDI],DX ; I/O command 0012F9CD 65:6E OUTS DX,BYTE PTR GS:[ESI] ; I/O command 0012F9CF 67:74 68 JE SHORT 0012FA3A ; Superfluous address size prefix 0012F9D2 2069 73 AND BYTE PTR DS:[ECX+73],CH 0012F9D5 203439 AND BYTE PTR DS:[EDI+ECX],DH 0012F9D8 34 2C XOR AL,2C 0012F9DA 2066 69 AND BYTE PTR DS:[ESI+69],AH 0012F9DD 72 73 JB SHORT 0012FA52 0012F9DF 74 20 JE SHORT 0012FA01 0012F9E1 3120 XOR DWORD PTR DS:[EAX],ESP 0012F9E3 6C INS BYTE PTR ES:[EDI],DX ; I/O command 0012F9E4 696E 65 7300909 IMUL EBP,DWORD PTR DS:[ESI+65],-6F6FFF8D 0012F9EB 90 NOP 0012F9EC 90 NOP 0012F9ED 90 NOP 0012F9EE 31DB XOR EBX,EBX ; hack continues 0012F9F0 8818 MOV BYTE PTR DS:[EAX],BL ; writing 00 behind word "HACKED" 0012F9F2 83E8 06 SUB EAX,6 0012F9F5 50 PUSH EAX ; address of "HACKED" 0012F9F6 B8 3B8CBEFF MOV EAX,FFBE8C3B 0012F9FB F7D0 NOT EAX 0012F9FD 50 PUSH EAX ; address of "%s" 0012F9FE B8 FFE4BFFF MOV EAX,FFBFE4FF 0012FA03 F7D0 NOT EAX 0012FA05 FFD0 CALL EAX ;address of printf This code is really ugly because I am new in assembler and there mustn't be null bytes because of buffer-overflow bug

    Read the article

  • How to search for alphanumeric word before or after a keyword in perl?

    - by aliocee
    I have sentences as shown in the below examples: $sen1 = "The quick brown fox jump KEYWORD over123 the3 lazy dog, fox is quick"; $sen2 = "The quick brown fox jump123 KEYWORD over the lazy dog, fox is quick"; i want to use the keyword 'KEYWORD' as my search string to extract the alphanumeric words before and after the search string using Perl regular expression. sample output: over123 jump123 NB: The word 'the3' is left out because i'm only searching for alphanumeric words exactly before or after the 'KEYWORD'. Thanks

    Read the article

  • css sprite button is jumping around

    - by Richard
    Hello everyone, Does anyone know what is causing the sprite rollover to jump around It is I think more likely a photoshop question, but I am not completely sure. I hope to get an answer here anyway, since I think most webdesigners/programmers problably worked with photoshop also. This is what I want the rollover to do example 1 and this is my testpage (see the play button) I made the sprite with spriteme.com thanks, Richard

    Read the article

  • Equivalent of NextResult() method in Dataset/DataAdapter?

    - by flopdix
    Hi All, I have a stored procedure that contains 3 select statements hence i get 3 resultsets. I am aware that using SqlDataReader, i can use NextResult() method to jump to the 2nd or 3rd resultsets by calling it twice or thrice. But i want to use the dataset/dataadapter, is there any ways that i can achieve this by not changing my stored procedure? tia!

    Read the article

  • Error in Print Function in Bubble Sort MIPS?

    - by m00nbeam360
    Sorry that this is such a long block of code, but do you see any obvious syntax errors in this? I feel like the problem is that the code isn't printing correctly since the sort and swap methods were from my textbook. Please help if you can! .data save: .word 1,2,4,2,5,6 size: .word 6 .text swap: sll $t1, $a1, 2 #shift bits by 2 add $t1, $a1, $t1 #set $t1 address to v[k] lw $t0, 0($t1) #load v[k] into t1 lw $t2, 4($t1) #load v[k+1] into t1 sw $t2, 0($t1) #swap addresses sw $t0, 4($t1) #swap addresses jr $ra #return sort: addi $sp, $sp, -20 #make enough room on the stack for five registers sw $ra, 16($sp) #save the return address on the stack sw $s3, 12($sp) #save $s3 on the stack sw $s2, 8($sp) #save Ss2 on the stack sw $s1, 4($sp) #save $s1 on the stack sw $s0, 0($sp) #save $s0 on the stack move $s2, $a0 #copy the parameter $a0 into $s2 (save $a0) move $s3, $a1 #copy the parameter $a1 into $s3 (save $a1) move $s0, $zero #start of for loop, i = 0 for1tst: slt $t0, $s0, $s3 #$t0 = 0 if $s0 S $s3 (i S n) beq $t0, $zero, exit1 #go to exit1 if $s0 S $s3 (i S n) addi $s1, $s0, -1 #j - i - 1 for2tst: slti $t0, $s1, 0 #$t0 = 1 if $s1 < 0 (j < 0) bne $t0, $zero, exit2 #$t0 = 1 if $s1 < 0 (j < 0) sll $t1, $s1, 2 #$t1 = j * 4 (shift by 2 bits) add $t2, $s2, $t1 #$t2 = v + (j*4) lw $t3, 0($t2) #$t3 = v[j] lw $t4, 4($t2) #$t4 = v[j+1] slt $t0, $t4, $t3 #$t0 = 0 if $t4 S $t3 beq $t0, $zero, exit2 #go to exit2 if $t4 S $t3 move $a0, $s2 #1st parameter of swap is v(old $a0) move $a1, $s1 #2nd parameter of swap is j jal swap #swap addi $s1, $s1, -1 j for2tst #jump to test of inner loop j print exit2: addi $s0, $s0, 1 #i = i + 1 j for1tst #jump to test of outer loop exit1: lw $s0, 0($sp) #restore $s0 from stack lw $s1, 4($sp) #resture $s1 from stack lw $s2, 8($sp) #restore $s2 from stack lw $s3, 12($sp) #restore $s3 from stack lw $ra, 16($sp) #restore $ra from stack addi $sp, $sp, 20 #restore stack pointer jr $ra #return to calling routine .data space:.asciiz " " # space to insert between numbers head: .asciiz "The sorted numbers are:\n" .text print:add $t0, $zero, $a0 # starting address of array add $t1, $zero, $a1 # initialize loop counter to array size la $a0, head # load address of print heading li $v0, 4 # specify Print String service syscall # print heading out: lw $a0, 0($t0) # load fibonacci number for syscall li $v0, 1 # specify Print Integer service syscall # print fibonacci number la $a0, space # load address of spacer for syscall li $v0, 4 # specify Print String service syscall # output string addi $t0, $t0, 4 # increment address addi $t1, $t1, -1 # decrement loop counter bgtz $t1, out # repeat if not finished jr $ra # return

    Read the article

  • Vim with split frame of buffers or file listing

    - by casualcoder
    Similar in appearance to Vim as a note taking platform (SO), I would like a pane with a list of open buffers that can be used as a jump to list. This is one feature in many IDEs and other advanced editors that is missing. Having a dozen buffers or so open becomes confusing as to which buffer is where.

    Read the article

  • Emacs next-error (C-x `) visualization.

    - by coelhudo
    Hello, when I get a compiler error (in my case gcc) in Emacs (version 23 for information) I use next-error Lisp function to jump to the next error :) But when I do this the window is split vertically, but I want this to be done horizontally. Anyone know how to modify this behavior? Thanks

    Read the article

  • WPF or Windows Forms

    - by Luminose
    I've been playing around with C# console applications for about a year and I want to move on to creating GUI applications. I have never done any GUI development besides basic Java applications, but I want to continue using C#. Should I start learning Windows Forms or jump straight to WPF? Is there a huge difference? Does WPF build on top of Windows Forms or are they totally different?

    Read the article

  • open iphone google maps with back button

    - by christian
    Hi, i have a webview in my iphone app where a google map location is opened like; Directions now the google map native app opens fine, but how could i add a RETURN button so it would jump back to my html page. Now i have to click my home button and the app close back to the desktop, so i have to start my webview again. in android its more easy, because there is always a back button and after viewing my gmap i simply back in my webview. thx chris

    Read the article

  • How to debug PYGTK program

    - by Guillaum
    When python raise an exception in the middle of a pygtk signal handling callback, the exception is catched by the gtk main loop, its value printed and the main loop just continue, ignoring it. If you want to debug, with something like pdb (python -m pdb myscript.py), you want that when the exception occure PDB jump on it and you can start debuging. Because of that it's not possible. How can i debug pygtk program then ?

    Read the article

  • Compare two Xcode build settings

    - by John Smith
    I have a project where I use two build settings predominantly. Unfortunately today something went wrong. One compiles and the other doesn't. How can I compare the two build settings in XCode to see what the differences are? (For those interested, the error I get in one build is jump to case label crosses initialization of 'const char* selectorName' if you know what this means I'll be very grateful )

    Read the article

  • jQuery AJAX POST gives undefined index

    - by Sebastian
    My eventinfo.php is giving the following output: <br /> <b>Notice</b>: Undefined index: club in <b>/homepages/19/d361310357/htdocs/guestvibe/wp-content/themes/yasmin/guestvibe/eventinfo.php</b> on line <b>11</b><br /> [] HTML (index.php): <select name="club" class="dropdown" id="club"> <?php getClubs(); ?> </select> jQuery (index.php): <script type="text/javascript"> $(document).ready(function() { $.ajax({ type: "POST", url: "http://www.guestvibe.com/wp-content/themes/yasmin/guestvibe/eventinfo.php", data: $('#club').serialize(), success: function(data) { $('#rightbox_inside').html('<h2>' + $('#club').val() + '<span style="font-size: 14px"> (' + data[0].day + ')</h2><hr><p><b>Entry:</b> ' + data[0].entry + '</p><p><b>Queue jump:</b> ' + data[0].queuejump + '</p><br><p><i>Guestlist closes at ' + data[0].closing + '</i></p>'); }, dataType: "json" }); }); $('#club').change(function(event) { $.ajax({ type: "POST", url: "http://www.guestvibe.com/wp-content/themes/yasmin/guestvibe/eventinfo.php", data: $(this).serialize(), success: function(data) { $('#rightbox_inside').hide().html('<h2>' + $('#club').val() + '<span style="font-size: 14px"> (' + data[0].day + ')</h2><hr><p><b>Entry:</b> ' + data[0].entry + '</p><p><b>Queue jump:</b> ' + data[0].queuejump + '</p><br><p><i>Guestlist closes at ' + data[0].closing + '</i></p>').fadeIn('500'); }, dataType: "json" }); }); </script> I can run alerts from the jQuery, so it is active. I've copied this as is from an old version of the website, but I've changed the file structure (through to move to WordPress) so I suspect the variables might not even be reaching eventinfo.php in the first place... index.php is in wp-content/themes/cambridge and eventinfo.php is in wp-content/themes/yasmin/guestvibe but I've tried to avoid structuring issues by referencing the URL in full. Any ideas?

    Read the article

  • Unit Testing - not testable code converted to testable code

    - by imak
    I have read so many places is that if your code is not test-able that mean code is not well written. So that makes me start writing a code that is test-able and to start using some unit testing framework. With this though I start looking for some example with piece of code that is not testable and gradually converted to a testable code. I find tons of examples on unit testing but if someone can provide an example like above it probably can jump start things for me. TIA

    Read the article

  • How do i refresh a page with a hash?

    - by acidzombie24
    I refresh pages by writing window.location = window.location; however this doesnt work on a page like /page#c22. It will just jump to whereever c22 is. How do i refresh the page? It does not need to use go to #c22 once refreshed but i am sure there is a more dependable way then window.location = window.location

    Read the article

  • "Use of uninitialised value" despite of memset

    - by Framester
    Hi there, I allocate a 2d array and use memset to fill it with zeros. #include<stdio.h> #include<string.h> #include<stdlib.h> void main() { int m=10; int n =10; int **array_2d; array_2d = (int**) malloc(m*sizeof(int*)); if(array_2d==NULL) { printf("\n Could not malloc 2d array \n"); exit(1); } for(int i=0;i<m;i++) { ((array_2d)[i])=malloc(n*sizeof(int)); memset(((array_2d)[i]),0,sizeof(n*sizeof(int))); } for(int i=0; i<10;i++){ for(int j=0; j<10;j++){ printf("(%i,%i)=",i,j); fflush(stdout); printf("%i ", array_2d[i][j]); } printf("\n"); } } Afterwards I use valgrind [1] to check for memory errors. I get following error: Conditional jump or move depends on uninitialised value(s) for line 24 (printf("%i ", array_2d[i][j]);). I always thought memset is the function to initialize arrays. How can I get rid off this error? Thanks! Valgrind output: ==3485== Memcheck, a memory error detector ==3485== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al. ==3485== Using Valgrind-3.5.0-Debian and LibVEX; rerun with -h for copyright info ==3485== Command: ./a.out ==3485== (0,0)=0 (0,1)===3485== Use of uninitialised value of size 4 ==3485== at 0x409E186: _itoa_word (_itoa.c:195) ==3485== by 0x40A1AD1: vfprintf (vfprintf.c:1613) ==3485== by 0x40A8FFF: printf (printf.c:35) ==3485== by 0x8048724: main (playing_with_valgrind.c:39) ==3485== ==3485== ==3485== ---- Attach to debugger ? --- [Return/N/n/Y/y/C/c] ---- ==3485== Conditional jump or move depends on uninitialised value(s) ==3485== at 0x409E18E: _itoa_word (_itoa.c:195) ==3485== by 0x40A1AD1: vfprintf (vfprintf.c:1613) ==3485== by 0x40A8FFF: printf (printf.c:35) ==3485== by 0x8048724: main (playing_with_valgrind.c:39) [1] valgrind --tool=memcheck --leak-check=yes --show-reachable=yes --num-callers=20 --track-fds=yes --db-attach=yes ./a.out [gcc-cmd] gcc -std=c99 -lm -Wall -g3 playing_with_valgrind.c

    Read the article

  • C instruction address

    - by aaa
    hello. Disclaimer, I not do anything in particular with regards this question, just curious. Is it possible to take address of instruction or block in C? in essence, is there jump equivalent in C? for example: void function() { int k; { // is a possible to go to this address from arbitrary point in code? int i, j; k += j+i; } } thank you

    Read the article

  • Approaching Java from a Ruby perspective

    - by Travis
    There are plenty of resources available to a Java developer for getting a jump-start into Ruby/Rails development. The reverse doesn't appear to be true. What resources would you suggest for getting up-to-date on the current state of java technologies? How about learning how to approach DRY (don't repeat yourself) without the use of metaprogramming? Or how to approach various scenarios where a ruby developer is used to passing in a function (proc/lambda/block) as an argument (callbacks, etc)?

    Read the article

  • Having trouble wrapping functions in the linux kernel

    - by Corey Henderson
    I've written a LKM that implements Trusted Path Execution (TPE) into your kernel: https://github.com/cormander/tpe-lkm I run into an occasional kernel OOPS (describe at the end of this question) when I define WRAP_SYSCALLS to 1, and am at my wit's end trying to track it down. A little background: Since the LSM framework doesn't export its symbols, I had to get creative with how I insert the TPE checking into the running kernel. I wrote a find_symbol_address() function that gives me the address of any function I need, and it works very well. I can call functions like this: int (*my_printk)(const char *fmt, ...); my_printk = find_symbol_address("printk"); (*my_printk)("Hello, world!\n"); And it works fine. I use this method to locate the security_file_mmap, security_file_mprotect, and security_bprm_check functions. I then overwrite those functions with an asm jump to my function to do the TPE check. The problem is, the currently loaded LSM will no longer execute the code for it's hook to that function, because it's been totally hijacked. Here is an example of what I do: int tpe_security_bprm_check(struct linux_binprm *bprm) { int ret = 0; if (bprm->file) { ret = tpe_allow_file(bprm->file); if (IS_ERR(ret)) goto out; } #if WRAP_SYSCALLS stop_my_code(&cs_security_bprm_check); ret = cs_security_bprm_check.ptr(bprm); start_my_code(&cs_security_bprm_check); #endif out: return ret; } Notice the section between the #if WRAP_SYSCALLS section (it's defined as 0 by default). If set to 1, the LSM's hook is called because I write the original code back over the asm jump and call that function, but I run into an occasional kernel OOPS with an "invalid opcode": invalid opcode: 0000 [#1] SMP RIP: 0010:[<ffffffff8117b006>] [<ffffffff8117b006>] security_bprm_check+0x6/0x310 I don't know what the issue is. I've tried several different types of locking methods (see the inside of start/stop_my_code for details) to no avail. To trigger the kernel OOPS, write a simple bash while loop that endlessly starts a backgrounded "ls" command. After a minute or so, it'll happen. I'm testing this on a RHEL6 kernel, also works on Ubuntu 10.04 LTS (2.6.32 x86_64). While this method has been the most successful so far, I have tried another method of simply copying the kernel function to a pointer I created with kmalloc but when I try to execute it, I get: kernel tried to execute NX-protected page - exploit attempt? (uid: 0). If anyone can tell me how to kmalloc space and have it marked as executable, that would also help me solve the above problem. Any help is appreciated!

    Read the article

  • What bug tracking software do you use?

    - by Thomas Owens
    I'm currently looking at Bugzilla and Trac, as they seem to be the most popular (and I'm hoping that also means if there are any problems, it will be easier to get help), but I'm curious what solutions you use or have used and what your thoughts are. I'm currently leaning toward Trac, as it's Wiki functionality can be used to support documentation. But that might not be a good enough reason to jump on Trac.

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >